RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7
Earlier _OpenJDK_ packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the `jdk.tls.disabledAlgorithms` of `SSLv3, DH keySize < 768`. This can be done permanently in the `<java.home>/jre/lib/security/java.security` file or by adding the following line:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
to a new text file and passing the location of that file to Java on the command line using the `-Djava.security.properties=<path to file>` argument.
Clone of bug 1217132 for RHEL 7.
This bug has been selected for inclusion in 7.3 Release Notes. Could you please add info to the Docs Text field, so that I can use it to formulate the release note?
Perhaps it could be lumped together with bug #1302383?
Yes, that sounds like the right approach. We did the same for this pair of bugs in RHEL 6.8, and you should just be able to re-use the documentation text from bug #1217131 to cover both this and bug #1302383.
Great, thanks, Andrew. I didn't notice the 6.8 bug.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.